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Art Unit: 2166 

DETAILED ACTION 
Response to Amendment 

The amendment filed on 4/25/2006 has been entered. 
Claims 1 - 22 are pending in this Office Action. 
Claims 2 and 15 have been amended. 
Claim 18 has been canceled. 

Response to Arguments 
Applicant's arguments filed on 4/25/2006 have been fully considered but they are 
not persuasive. 

Applicant argued: 

1 . Delany does not teach or suggest the use of meta data structures that 
describe the network services. 

2. Delany does not teach or suggest that the user interface should be "created" 
using the meta data. 

3. Delany does not teach or suggest that the directory server should perform 
identity management services such as authentication and authorization. 

Examiner respectfully traverses Applicant's arguments because: 
1. Delany discloses "each of the profiles represents configuration information for 
the associated data store." The profiles are analogous to the meta data structures and 
the associated data store is analogous to the network service. The phrase 
"configuration information" indicates that the profiles could be in the meta data 
structures, as they could describe the arrangement of data parts in the data store. 
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2. Delany discloses the profiles and graphical user interface in paragraphs 154 - 
155. The profile contains information that can be viewed, modified, deleted, etc. 
Therefore, the information contained in the profile is utilized to create such graphical 
user interface, which enables the user to view and modify the information 
contained/associated with the profile. Therefore, Examiner concluded that the claim is 
written in such a way that is not patentably distinct from the prior art's disclosure. 

In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., page 11 "Specifically, the identity management infrastructure ... the user to 
perform identity management", et seq.) are not reflected in the rejected claim(s). 
Although the claims are interpreted in light of the specification, limitations from the 
specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 
USPQ2d 1057 (Fed. Cir. 1993). 

3. Delany discloses the access system in paragraph 106, which comprises 
access server, web gate, and directory server. The system provides authentication and 
authorization services. 

Examiner concluded that the claims are written in such a way that they are not 
patentably distinct from the prior art's disclosure. 

Claim Objections 

Claims 19, 21 , and 22 are objected to because of the following informalities: 
Claims 19, 21, and 22 depend on claim 18,which has been canceled. 
Appropriate corrections are required. 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-22 are rejected under 35 U.S.C. 102(e) as being anticipated by U.S. 
Publication Number 2002/0138763 issued to Shawn P. Delany et al (hereinafter 
"Delany"). 

As per claim 1, Delany discloses, 

A method of managing identity information on behalf of network services, the 
method comprising the steps of (Figure 1, paragraph 96): 

obtaining a first meta data record describing a first of said network services 
(paragraph 130); and 

utilizing said first meta data record to obtain a first service data record containing 
first identity management information for an user of the first network service (Figure 3, 
8, paragraph 108 - 109, 139 - 142). 

As per claim 2, Delany discloses, 

the step of utilizing the first meta data record to create an user interface for the 
user of the first network service to enable the user to view said first identity 
management information (Figure 8, paragraph 107, 154 - 155). 
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As per claim 3, Delany discloses, 

the step of utilizing the first meta data record to create a first user interface for 
the user of the first network service to enable the user to modify said first identity 
management information (Figure 8, paragraph 108 - 109). 

As per claim 4, Delany discloses, 

the first user interface is dynamically configured during creation according to field 
information contained in the first meta data record (paragraph 130, 142, 155, 274). 
As per claim 5, Delany discloses, 

obtaining a second meta data record describing a second of said network 
services; and 

utilizing said second meta data record to obtain a second service data record 
containing second identity management information for a second user of the second 
network service (Figure 1, 3, 8, and paragraph 108 - 109, 130, 139 - 142). 

As per claim 6, Delany discloses, 

utilizing the second meta data record to create a second user interface for the 
user of the second network service to enable the second user to view said second 
identity management information (Figure 8, paragraph 107, 154 - 155). 

As per claim 7, Delany discloses, 

the first identity management information includes first network service 
provisioning information for the user of the first network service (paragraph 1 1 , 109). 
As per claim 8, Delany discloses, 
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denying access to the first network service where the first identity management 
information indicates that the user is not provisioned on the first network service (Figure 
11, 13, paragraph 106, 116-118). 

As per claim 9, Delany discloses, 

A method of fulfilling identity management information requests from a network 
user (Figure 11, 13, paragraph 106), comprising: 

obtaining meta data associated with a network service (paragraph 109, 116 — 

118); 

using the meta data to present an identity management user interface to an user 
of the network service (paragraph 107, 154 - 156); and 

populating the identity management user interface with identity information 
associated with the user (paragraph 142). 

As per claim 10, Delany discloses, 

receiving a request for identity management information for the network service 
from the network user over the user interface (Figure 11, 13, paragraph 106); 

obtaining the identity information associated with the network user (Figure 3, 8, 
paragraph 1 08 - 1 09).; and 

presenting the identity information to the network user via the user interface 
(Figure 8, paragraph 107, 154 - 156). 

As per claim 11, Delany discloses, 
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accessing an identity information database and retrieving a service record from 
said identity information database containing identity information associated with the 
network user (Figure 3, 4, paragraph 129 - 120). 

As per claim 12, Delany discloses, 

modifying the identity information upon request of the network user (paragraph 
108- 109). 

As per claim 13, Delany discloses, 

writing changes to the identity information to an identity information database 
(paragraph 108- 109). 

As per claim 14, Delany discloses, 

validating at least one of the changes to the identity information and the identity 
information before writing the changes to the identity information to the identity 
information database (paragraph 109: 12-20). 

As per claim 15, Delany discloses, 

An identity management infrastructure, comprising: 

an interface layer configured to receive first identity management requests from 
first network users of a first network service and second identity management requests 
from second network users of a second network service (Figure 1, Figure 3 element 
150, paragraph 135); 

a data access daemon configured to process the first and second identity 
management requests (Figure 3 element 120 and 152, paragraph 128 - 129, 132); and 



Application/Control Number: 10/616,561 Page 8 

Art Unit: 2166 

a data access layer configured to enable the data access daemon to access 
identity management data from at least one identity management database in 
connection with processing the identity management requests (Figure 3: agent and 
connection manager, paragraph 130-131). 

As per claim 16, Delany discloses, 

the data access layer comprises an API configured to communicate with the data 
access daemon, and an API configured to communicate with the identity management 
database containing the identity management data (paragraph 120, 148). 

As per claim 17, Delany discloses, 

the API is configured to communicate with the database utilizing at least one of 
Embedded Structured Query Language (ESQL), Open DataBase Connectivity (ODBC), 
Java DataBase Connectivity (JDBC), and Lightweight Data Access Protocol (LDAP) 
(paragraph 120, 129). 

As per claim 19, Delany discloses, 

an API configured to interact with meta data structures and service structures 
retrieved from the identity management database (paragraph 120, 129, 148). 
As per claim 20, Delany discloses, 

the meta data structures describe the network services (Figure 3, paragraph 
130), and the service structures describe identity information associated with users of 
the network services (paragraph 139 - 142). 

As per claim 21, Delany discloses, 
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an authentication module configured to authenticate the first and second network 
users and an authorization module configured to assess authorization levels associated 
with the first and second network users (Figure 1 element 34, paragraph 106, 116 — 
119, 148). 

As per claim 22, Delany discloses, 

a validation module configured to validate data prior to modification of data in the 
database (paragraph 109: 12 - 20). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Contact Information 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Sangwoo Ahn whose telephone number is (571) 272- 
5626. The examiner can normally be reached on M-F 10-6. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Hosain Alam can be reached on (571) 272-3978. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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